A recent conference looked at some ways printers can be exploited by hackers despite existing security features.

An article in MIT’s Technology Review explored printer security concerns, a topic of discussion at the annual ShmooCon hacker convention, held January 28–30 in Washington, DC. At the convention, security experts delivered two presentations examining how hackers can use a company’s networked printer or MFP to exploit the company’s network and gain access to sensitive information, or even use printers and MFPs as cyber storage. With the rise of inexpensive Web-connected printers from HP and Lexmark, the security of printing devices is an issue that now affects customers ranging from home users to large enterprises.

A presentation called “Printer to PWND: Leveraging Multifunction Printers During Penetration Testing” focused on a new tool called Praeda. (PWND means compromised or controlled.) Praeda was developed by so-called “penetration testers,” who attempt to hack into a company’s network under controlled circumstances to look for potential security issues. According to the presenters, “In this presentation, we go beyond the common printer issues and focus on harvesting data from multifunction printer (MFP) that can be leveraged to gain access to other core network systems.” The Praeda software looks for common security flaws and configuration issues (e.g., default passwords) to access printers from outside a corporate network. After the network is compromised, Praeda can capture usernames, email addresses, and authentication information including SMB, email, and LDAP passwords. The developers of the tool say they can then leverage this information to gain administrative access into email servers, file servers, and Active Directory domains.

Another presentation, called “Printers Gone Wild!”, focused on weaknesses of HP’s Printer Job Language (PJL), which is supported in certain HP printers. PJL operates at a level above PCL and other print languages, handling printer language switching between print jobs, job separation, printer configuration, and status readback from the printer to the host computer. The penetration tester says that PJL can be exploited for “printer information gathering, control panel lockout, disk lockout, file uploads, file downloads, and mass LCD changing.” Alarmingly, the tester found HP printers could be used as “a large storage receptacle for data exfiltration, covert storage, and browser exploitation tactics.”
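For defenders, the PJL abuse categories listed above can be looked for in captured spool data. The following is an added example, not code from the article or from either presentation: a small auditor that flags PJL lines going beyond ordinary job setup. The command names are taken from HP's public PJL reference rather than from this page, and the category mapping and sample job are constructed for illustration.

```python
import re

UEL = b"\x1b%-12345X"  # Universal Exit Language sequence that brackets PJL

# (pattern on the text after "@PJL", category). The mapping is this example's own.
_RULES = [
    (r"(INFO|INQUIRE|DINQUIRE|USTATUS)\b", "information gathering"),
    (r"(DEFAULT|SET)\s+CPLOCK\b", "control panel lock"),
    (r"(DEFAULT|SET)\s+DISKLOCK\b", "disk lock"),
    (r"(FSUPLOAD|FSDIRLIST|FSQUERY)\b", "file read from printer"),
    (r"(FSDOWNLOAD|FSAPPEND|FSMKDIR|FSDELETE)\b", "file write to printer"),
    (r"(RDYMSG|OPMSG|STMSG)\b", "LCD message change"),
]
RULES = [(re.compile(p, re.I), c) for p, c in _RULES]

def audit_pjl(spool: bytes):
    """Return (line_no, category, command) for PJL lines beyond normal job setup."""
    findings = []
    text = spool.replace(UEL, b"").decode("latin-1")
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line.upper().startswith("@PJL"):
            continue  # page data (PCL/PostScript) is not inspected
        cmd = line[4:].strip()
        for rx, category in RULES:
            m = rx.match(cmd)
            if m:
                findings.append((n, category, m.group(0).upper()))
                break
    return findings

# Constructed sample job: ordinary setup lines mixed with lines worth flagging.
SAMPLE = (UEL + b'@PJL JOB NAME="report.pdf"\r\n'
          b'@PJL SET COPIES=1\r\n'
          b'@PJL INFO ID\r\n'
          b'@PJL RDYMSG DISPLAY="constructed text"\r\n'
          b'@PJL DEFAULT CPLOCK=ON\r\n'
          b'@PJL FSUPLOAD NAME="constructed-path"\r\n'
          b'@PJL ENTER LANGUAGE=PCL\r\n'
          b'(page data)\r\n' + UEL)

if __name__ == "__main__":
    for finding in audit_pjl(SAMPLE):
        print(finding)
```

A job submitted by a normal print driver should produce few or no findings, so hits on the lock, file system, or message categories from an unexpected host are worth investigating.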

While the industry has long been aware of security issues related to shared copiers and MFPs in offices, with vendors constantly updating their lines with various security improvements, today’s networked, Web-connected printers for homes and small offices/home offices (SOHO) present hackers with a new, less secure opportunity. The MIT Technology Review article quotes one tester who warns “even the printers you have at your house, these multifunction printers, have an ability to do a lot over the Web. They don’t integrate as much, but they can do remote printing and remote scanning.” Indeed, when HP announced ePrint, one of the first concerns among industry analysts was security and spam protection. HP has implemented security features with ePrint such as a locked mode to specify what email addresses are allowed to send print jobs to a printer.

Security has become a growing concern among consumers and businesses of all sizes, as hackers are always looking for potential weaknesses that can be exploited. Because today’s printers and MFPs have so much more functionality than a device did 10 or 15 years ago, they are now actively targeted by hackers. Thwarting these attacks is one area in which companies that market advanced copiers and MFPs (e.g., Canon, Konica Minolta, Ricoh, Xerox), and that therefore have more experience in security standards, will have an advantage over firms that have traditionally marketed only printer-based products. Still, the onus is on all hardware vendors to improve security as clever hackers continually find more weaknesses to exploit.

One thought on “Hackers Look at Weaknesses of Networked and Web-Connected Printers and MFPs”

As the product security manager for Xerox, it was with much interest that I listened to the talks given this weekend on printer security at ShmooCon. Any event that brings attention to how important it is to carefully evaluate the security measures built into MFPs is a good thing. It highlights the importance of choosing a vendor partner that will collaborate on a data protection strategy.

As you mention, the onus is on vendors to continuously improve security measures to protect customers. That’s why our products have appropriate security measures built-in for optimum network and hardware protection, like a network firewall, encryption and an option to restrict fax, email and scan features with verification of user names and passwords.

But to truly keep data secure, we work directly with customers to assess their security needs, helping to identify where their information resides, how it is transferred and detect the greatest areas of risk. Only by working together to create a data security plan that combines technology and policy can we protect our customers.